mirror of
https://github.com/google/flatbuffers.git
synced 2026-07-02 09:08:17 +00:00
Add size check to fix out of bounds read risk (#7304)
This commit is contained in:
@@ -164,10 +164,11 @@ class Verifier FLATBUFFERS_FINAL_CLASS {
|
|||||||
// gives the result we want.
|
// gives the result we want.
|
||||||
auto vtableo = tableo - static_cast<size_t>(ReadScalar<soffset_t>(table));
|
auto vtableo = tableo - static_cast<size_t>(ReadScalar<soffset_t>(table));
|
||||||
// Check the vtable size field, then check vtable fits in its entirety.
|
// Check the vtable size field, then check vtable fits in its entirety.
|
||||||
return VerifyComplexity() && Verify<voffset_t>(vtableo) &&
|
if (!( VerifyComplexity() && Verify<voffset_t>(vtableo) &&
|
||||||
VerifyAlignment(ReadScalar<voffset_t>(buf_ + vtableo),
|
VerifyAlignment(ReadScalar<voffset_t>(buf_ + vtableo),
|
||||||
sizeof(voffset_t)) &&
|
sizeof(voffset_t)))) return false;
|
||||||
Verify(vtableo, ReadScalar<voffset_t>(buf_ + vtableo));
|
auto vsize = ReadScalar<voffset_t>(buf_ + vtableo);
|
||||||
|
return Check((vsize & 1) == 0) && Verify(vtableo, vsize);
|
||||||
}
|
}
|
||||||
|
|
||||||
template<typename T>
|
template<typename T>
|
||||||
|
|||||||
Reference in New Issue
Block a user